Overview
Japan and Pakistan have signed an MOU in 2019 that Japan is accepting Specified Skilled Workers (SSW) from Pakistan. They needed a professional recruiting platform that can recruit easily and bring highly qualified Pakistani ‘Information and Communications Technology (ICT) engineers’ to Japan. For this Profound Vision has signed an MOU with the Shikoku Information Technology Cooperative and is developing a digital matching Portal FiTE with Pakistan’s leading IT company, ‘Sybrid (Pvt.) Ltd.
On the request of profound Vision, Concave FORT proposed the consultancy for Secure Software Development & Continuous Security Assessment of the Application while development to conduct the VAPT of the FITE web application platform to ensure the security of the recruitment portal.
Challenges
Being a professional recruiter in the world, the security of the recruiting platform was a top priority. The web application was designed to facilitate different roles and also provide a secure convenient and easy-to-use interface to monitor and manage.
As far as the performance is concerned, the platform is working accurately. To prevent this platform from any outside interference they wanted to uncover risks or hidden vulnerabilities that might put risk to the organization.
Solutions
To ensure the compliance requirement for secure development & Security Testing of the Application, the OWASP testing methodology was highly recommended. Focusing on the International Standards and Industry-accepted approach of OWASP ASVS (Application Security Verification Standard), the secure development of the application was verified. FORT’s experts used the Continuous Security Assessment & Penetration Testing tools to identify the security risks in the application. Continuous alignment with the Developers for the recommendations for the remediation of the risks in the FITE Web Application. In short, the automated development of the application enabled the developers and Security experts to build the application through a secure SDLC process. Moreover, the Penetration Testing results with recommendations were discussed with the InfoSec & development team for the way forward to the remediation. Fully compliance status at the sign-off of the project, with best industry practices, ensuring the security of the Web Application.
Business Benefit
Risk evaluation and mitigation of the Public facing Assets i.e. Web Applications, minimizing the likelihood of reputational loss, business interruption and errors that could lead to major cyber-attacks.
